68 percent of respondents said their operations have had at least
one security compromise in the past year

Only about one-third of U.S. oil and gas cyber managers rate their
organization’s cyber readiness as high

59 percent believe there is a greater risk to operational
technology than to IT

February 16, 2017 08:00 AM Eastern Standard Time

HOUSTON--(BUSINESS WIRE)--A survey of U.S. oil and gas cybersecurity risk managers indicates that
the deployment of cybersecurity measures in the industry isn’t keeping
pace with the growth of digitalization in oil and gas operations. In a
study from the Ponemon Institute – The
State of Cybersecurity in the Oil & Gas Industry: United States– just 35 percent of respondents rated their organization’s
operational technology (OT) cyber readiness as high.

The Ponemon Institute – which conducts independent research on privacy,
data protection and information security policy – examined how oil and
gas companies are addressing cybersecurity risks. Its authors surveyed
377 individuals in the United States who are responsible for securing or
overseeing cyber risk in the OT environment – including upstream,
midstream and downstream applications. The executive summary of the
study is being released in conjunction with a Bloomberg Live event today
in Houston – The Future of Cyber Security: Spotlight on Oil and Gas.

With most respondents describing their organization as being in the
early to middle stage of maturity with respect to their cyber readiness,
68 percent of respondents said their operations have had at least one
security compromise in the past year, resulting in the loss of
confidential information or OT disruption.

59 percent believe there is a greater risk in the OT environment than
the IT environment;

61 percent said their organization has difficulty mitigating cyber
risks across the oil and gas value chain;

Only 41 percent of respondents said they continually monitor OT
infrastructure to prioritize threats and attacks;

65 percent of respondents say the top cybersecurity threat is the
negligent or careless insider and 15 percent of respondents say it is
the malicious or criminal insider – underscoring the need for advanced
monitoring solutions and critical safety zones to identify atypical
behavior among personnel;

61 percent say their organization’s industrial control systems
protection and security is inadequate.

With regard to solutions and security practices, the security
technologies that are considered most effective aren’t extensively
deployed. Technologies identified as very effective in mitigating
cybersecurity risk include: user behavior analytics (63 percent),
hardened endpoints (62 percent) and encryption of data in motion (62
percent). But within the next 12 months less than half of organizations
represented say they will use encryption of data in motion (48 percent
of respondents), only 39 percent will deploy hardened endpoints, and
only 20 percent will adopt user behavior analytics.

“Cyber attacks in the oil and gas industry can have potentially
devastating consequences for the economy and national security, said Dr.
Larry Ponemon, chairman and founder of Ponemon Institute. “We hope
the findings of this research create a sense of urgency to make the
appropriate investments in people, process and technologies to improve
the industry's cyber readiness.”

“The fact that nearly 70 percent of oil and gas companies were hacked in
the past year must serve as a call to action,” said Judy Marks, CEO,
Siemens USA. “As oil and gas producers use digitalization to become
safer and more efficient, there is a clear need to bulk up defenses for
operational technology, which is even more vulnerable to attacks than
the IT environment. At Siemens, we’re able to draw on our deep
experience managing cybersecurity across a global footprint. We help our
customers assess risk, secure infrastructure and provide targeted cyber
solutions for the operational environment, from the field to the control
center and ultimately the enterprise.”

Ponemon Institute conducts independent research on privacy, data
protection and information security policy. Our goal is to enable
organizations in both the private and public sectors to have a clearer
understanding of the trends in practices, perceptions and potential
threats that will affect the collection, management and safeguarding of
personal and confidential information about individuals and
organizations. Ponemon Institute research informs organizations on how
to improve upon their data protection initiatives and enhance their
brand and reputation as a trusted enterprise.

Siemens Corporation is a U.S. subsidiary of Siemens AG, a global
powerhouse focusing on the areas of electrification, automation and
digitalization. One of the world’s largest producers of
energy-efficient, resource-saving technologies, Siemens is a leading
supplier of systems for power generation and transmission as well as
medical diagnosis. With approximately 351,000 employees in 190
countries, Siemens reported worldwide revenue of $88.1 billion in fiscal
2016. Siemens in the USA reported revenue of $23.7 billion, including
$5.4 billion in exports, and employs approximately 50,000 people
throughout all 50 states and Puerto Rico.